Seal (OP)
Donator
Hero Member
 Offline
Activity: 848
Merit: 1078
|
 |
September 16, 2012, 01:58:46 PM |
|
I know this has been discussed in the official post but I wanted to ask in a separate thread for clarity.
Just how secure is blockchain.info with my private keys?
From what I can gather, your info is all AES encrypted however its ultimately stored centrally on the blockchan.info server. This makes me feel a little uncomfortable.
Whats stopping someone with access to the server performing some kind of man in the middle attack?
|
|
|
|
|
|
|
|
|
|
|
|
|
"This isn't the kind of software where we can leave so many unresolved bugs that we need a tracker for them." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
stepkrav
|
|
September 16, 2012, 02:04:20 PM |
|
If you feel uncomfortable, why don't you use you own wallets (cold storage, offline etc) and have blockchain's wallet only for temporary storage of btc?
|
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
September 16, 2012, 02:04:42 PM |
|
Very secure, I'd venture to say it's as secure as an ewallet can possibly be.
Your wallet is stored encrypted, it's only decrypted on your computer and never leaves it in such a form, you can email yourself a backup copy with 1 click and you can use two factor authentication and a javascript verifier.
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
|
fivemileshigh
|
|
September 16, 2012, 03:26:43 PM |
|
you can use two factor authentication and a javascript verifier.
Hey, what's this? thanks |
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
September 16, 2012, 03:33:22 PM |
|
you can use two factor authentication and a javascript verifier.
Hey, what's this? thanks |
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
|
barbarousrelic
|
|
September 16, 2012, 03:59:49 PM |
|
Who runs blockchain.info ? Is he a poster here?
|
Do not waste your time debating whether Bitcoin can work. It does work.
"Early adopters will profit" is not a sufficient condition to classify something as a pyramid or Ponzi scheme. If it was, Apple and Microsoft stock are Ponzi schemes.
There is no such thing as "market manipulation." There is only buying and selling.
|
|
|
|
zoinky
|
|
September 16, 2012, 05:01:25 PM |
|
|
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
September 16, 2012, 05:26:37 PM |
|
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
|
Gaff
|
|
September 16, 2012, 08:01:30 PM |
|
Your wallet is stored encrypted, it's only decrypted on your computer and never leaves it in such a form, you can email yourself a backup copy with 1 click and you can use two factor authentication and a javascript verifier.
Actually I reckon the backup is a weak point. One of the biggest risks you face is the possibility of a key-logger on your machine. Two factor authentication protects you against this (as long as an attacker can't use social engineering to get it removed). However if they can get the backup encrypted with the same password they can effectively bypass the two factor authentication. A simple solution for this would be to encrypt the backups with a different (rarely typed in) password. I do hope blockchain.info offer this at some point. |
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
September 16, 2012, 08:40:59 PM |
|
Does it really work that way? Is the backup only encrypted by my password?
|
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
Kupsi
Legendary
Offline
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
|
|
September 16, 2012, 10:58:23 PM |
|
You can send the backup to a gmail account with two factor authentication enabled.
|
|
|
|
|
hazek
Legendary
Offline
Activity: 1078
Merit: 1002
|
|
September 16, 2012, 11:14:56 PM |
|
You can send the backup to a gmail account with two factor authentication enabled.
Are gmail accounts encrypted so google can't see inside? |
My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)
If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
|
|
|
Kupsi
Legendary
Offline
Activity: 1193
Merit: 1003
9.9.2012: I predict that single digits... <- FAIL
|
|
September 16, 2012, 11:36:11 PM |
|
You can send the backup to a gmail account with two factor authentication enabled.
Are gmail accounts encrypted so google can't see inside? I guess they can read my mail. But they also need a keylogger on my machine to decrypt the backup. |
|
|
|
|
Seal (OP)
Donator
Hero Member
Offline
Activity: 848
Merit: 1078
|
|
September 17, 2012, 03:44:09 AM |
|
Very secure, I'd venture to say it's as secure as an ewallet can possibly be.
Your wallet is stored encrypted, it's only decrypted on your computer and never leaves it in such a form, you can email yourself a backup copy with 1 click and you can use two factor authentication and a javascript verifier.
How secure is the encryption on the wallets that are stored on blockchain.info's servers? Also, there is the ability to use a second password to protect your wallets, am I right in saying that this is the same type of encryption used in the Bitcoin-qt's password where you need it to send funds? |
|
|
|
invisiblehand
Newbie
Offline
Activity: 49
Merit: 0
|
|
December 04, 2013, 10:23:28 PM |
|
Also, there is the ability to use a second password to protect your wallets, am I right in saying that this is the same type of encryption used in the Bitcoin-qt's password where you need it to send funds?
Yes there is the ability to put a second password for sending coins However, on QT the password is the same as the one used to encrypt the wallet On blockchain it can be a different password, and it is entered using an on-screen keyboard to protect against keylogging |
|
|
|
|
|
